Hello OpenSSH developers,

openssh 4.2p1 breaks old openssh clients up to 3.4p1 when they try to use compression:

# ssh-3.4p1 -C remote-host-with-4.2p1 pwd
no matching comp found: client zlib server none,zlib@openssh.com

option "-vv" shows

...
debug2: kex_parse_kexinit: zlib
...
debug2: kex_parse_kexinit: none,zlib@openssh.com
...
debug2: mac_init: found hmac-md5
no matching comp found: client zlib server none,zlib@openssh.com

using the small patch below makes the old ssh clients happy again with option "-C"

-------------------------------------------------------------------------------
--- openssh-4.2p1/sshd.c~ 2005-10-05 17:58:21.000000000 +0200 +++ openssh-4.2p1/sshd.c 2005-10-26 18:17:44.000000000 +0200 @@ -2014,7 +2014,7 @@ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; } else if (options.compression == COMP_DELAYED) { myproposal[PROPOSAL_COMP_ALGS_CTOS] - myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib at openssh.com"; + myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib at openssh.com,zlib"; } myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
-------------------------------------------------------------------------------

Harald Koenig

PS: yes I know about the security issues using such old ssh clients, but it's only used in fairly protected small internal customer networks, and the customer insists not to change anything in those environments running the old ssh clients... (the surrounding environment is pretty well maintained which is the reason for the 4.2p1 sshd;-)

--
"I hope to die before I *have* to use Microsoft Word.", Donald E. Knuth, 02-Oct-2001 in Tuebingen.
Harald Koenig, science+computing ag, koenig at science-computing.de
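
Review bot: In the `COMP_DELAYED` branch, the `+` line appends plain `zlib` to the list that branch builds, so a server set to delayed compression would again agree to `zlib` with any client that proposes it, and the setting would no longer limit the server to `none` or the delayed method. That changes the outcome for every installation using the delayed setting, not only the legacy networks described in the PS. I would leave this string alone and meet the compatibility need through configuration (a non-delayed compression setting on the servers that face the old clients), and add a sentence to sshd_config(5) saying that clients offering only `zlib` cannot negotiate compression with the delayed setting. The quoted names read `zlib at openssh.com` here because the list archive rewrites `@`; the strings in the source should carry `zlib@openssh.com`.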

On Oct 26, Harald Koenig wrote:
> openssh 4.2p1 breaks old openssh clients up to 3.4p1 when they try to use compression:
>
> # ssh-3.4p1 -C remote-host-with-4.2p1 pwd
> no matching comp found: client zlib server none,zlib@openssh.com

one more note on that topic: for more recent ssh clients, the connection does not fail anymore, but compression falls back to "none" which results in an unexpected performance loss...

Harald Koenig

On Wed Oct 26 10:06:55 2005, Harald Koenig wrote:
>
> Hello OpenSSH developers,
>
> openssh 4.2p1 breaks old openssh clients up to 3.4p1 when they try to use compression:
>

This is spelt out pretty clearly in the ChangeLog for 4.2p1 and (if I recall correctly) in the release announcement on this list. Admittedly, the sshd_config(5) man page does not appear to call out this issue.

Set Compression=yes in your sshd_config and the old clients should behave.

> # ssh-3.4p1 -C remote-host-with-4.2p1 pwd
> no matching comp found: client zlib server none,zlib@openssh.com
>
> option "-vv" shows
>
> ...
> debug2: kex_parse_kexinit: zlib
> ...
> debug2: kex_parse_kexinit: none,zlib@openssh.com
> ...
> debug2: mac_init: found hmac-md5
> no matching comp found: client zlib server none,zlib@openssh.com
>
> using the small patch below makes the old ssh clients happy again with option "-C"
>
> -------------------------------------------------------------------------------
> --- openssh-4.2p1/sshd.c~ 2005-10-05 17:58:21.000000000 +0200 > +++ openssh-4.2p1/sshd.c 2005-10-26 18:17:44.000000000 +0200 
> @@ -2014,7 +2014,7 @@ > myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; > } else if (options.compression == COMP_DELAYED) { > myproposal[PROPOSAL_COMP_ALGS_CTOS] > - myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib at openssh.com"; > + myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib at openssh.com,zlib"; > } > > myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
> -------------------------------------------------------------------------------
>
> Harald Koenig
>
> PS: yes I know about the security issues using such old ssh clients, but it's
> only used in fairly protected small internal customer networks, and the customer
> insists not to change anything in those environments running the old ssh clients...
> (the surrounding environment is pretty well maintained which is the reason for
> the 4.2p1 sshd;-)

--
Iain Morgan
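
The negotiation behind the error in this thread, as an added example that is not part of the original messages or of OpenSSH: the first name on the client's list that the server also offers wins (RFC 4253, section 7.1), checked here against the server lists from the patch's `-` and `+` lines. The client lists other than `zlib`, the outcome labels and the function names are assumptions made for illustration.

```python
import re

# Server proposals quoted from the thread's patch ("-" and "+" lines); the list
# archive prints "@" as " at ", the name on the wire is zlib@openssh.com.
DELAYED = "none,zlib@openssh.com"
PATCHED = "none,zlib@openssh.com,zlib"

ERR = re.compile(r"no matching comp found: client (\S+) server (\S+)")


def negotiate(client, server):
    """RFC 4253 section 7.1: first name on the client's list that the server also offers."""
    offered = server.split(",")
    return next((name for name in client.split(",") if name in offered), None)


def classify(client, server):
    """Label the outcome of one direction's compression negotiation."""
    chosen = negotiate(client, server)
    if chosen is None:
        return "fail"              # no common name: key exchange aborts
    if chosen == "zlib":
        return "preauth-zlib"      # compression is active before authentication
    if chosen == "none" and client.split(",")[0] != "none":
        return "fallback-none"     # client preferred compression, got none
    return chosen                  # "none" by preference, or "zlib@openssh.com"


def diagnose(line):
    """Parse the error line from the thread and report what each server list would do."""
    m = ERR.search(line)
    if m is None:
        return None
    client, server = m.groups()
    return {"client": client, "logged": classify(client, server),
            "delayed": classify(client, DELAYED), "patched": classify(client, PATCHED)}


# Constructed sample: the error line quoted in the thread, with "@" restored.
SAMPLE = "no matching comp found: client zlib server none,zlib@openssh.com"

if __name__ == "__main__":
    print(diagnose(SAMPLE))
    # Client lists below, other than "zlib", are assumptions for illustration.
    for client in ("zlib", "zlib,none", "zlib@openssh.com,zlib,none"):
        print(f"{client:28} delayed={classify(client, DELAYED):18} "
              f"patched={classify(client, PATCHED)}")
```

With the patched list, a client that sends `zlib,none` also ends up on pre-authentication `zlib`, not only the clients that send `zlib` alone.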